PROGRESS REPORT: AOSC OS, "MELTDOWN" AND "SPECTRE"

JANUARY 13, 2018

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

Since our last progress report, the following progress has been accomplished in our effort to mitigate the “Meltdown” and “Spectre” vulnerabilities for our users:

  • Browsers. With the recently released WebKit2GTK+ 2.18.5, which addressed “Spectre”-related issues - at the present moment, it should be safe to use browsers and applications based on this engine: Midori, Epiphany (GNOME Web), Yelp (GNOME Help/Manual Browser), etc.
  • Microcode. Intel has released version 20180108 of their Microcode update package to further the mitigation of both vulnerabilities. However, there are reports announced by Lenovo and Intel regarding the update resulting in unexpected reboots. Please notify us if you encountered such issue.
  • Applications. Wireshark has recently released version 2.4.4 which mitigated one of the variants of “Spectre”, Kernel-Side Attack.

Please update your AOSC OS as soon as possible.

— Mingcong Bai

1515818497220